Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[openssl-dev] certificate signing using rsa pss algorithm?
397 views
Skip to first unread message
we...@infotech.de
Nov 10, 2015, 12:11:17 PM11/10/15
to
Dear openssl developers,
we are about to setup a new pki. So we have to choose the appropriate
algorithms and parameters.
How about certificates signed using rsa pcks#1v2.1 (aka pss) signed
certificates?
The latest known statement in this context we found is from Dr. Henson
on May 8, 2014.
He stated:
...
> It is possible to add an "alias" for this algorithm and then OpenSSL can
> handle the key directly. It wont however support the PSS semantics properly:
> i.e. the key can only be used for PSS and any parameter restrictions. For that
> reason this hasn't been done in the official sources.
...
Is there any progress in adopting pss certificates consistently? Which
difficulies do exist?
The current German Algorithmenkatalog states, that security fitness for
signatures using the
rsa pkcs#1v1.5 padding ends at the end of 2016. Therefore, we are
looking for proper algorithms
whose security finess ist expected to last longer.
Currently the only named alternative is ecdsa signatures, which should
be thoroughly supported
by current openssl versions.
Thanks in advance
--
Christian Weber
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
we are about to setup a new pki. So we have to choose the appropriate
algorithms and parameters.
How about certificates signed using rsa pcks#1v2.1 (aka pss) signed
certificates?
The latest known statement in this context we found is from Dr. Henson
on May 8, 2014.
He stated:
...
> It is possible to add an "alias" for this algorithm and then OpenSSL can
> handle the key directly. It wont however support the PSS semantics properly:
> i.e. the key can only be used for PSS and any parameter restrictions. For that
> reason this hasn't been done in the official sources.
...
Is there any progress in adopting pss certificates consistently? Which
difficulies do exist?
The current German Algorithmenkatalog states, that security fitness for
signatures using the
rsa pkcs#1v1.5 padding ends at the end of 2016. Therefore, we are
looking for proper algorithms
whose security finess ist expected to last longer.
Currently the only named alternative is ecdsa signatures, which should
be thoroughly supported
by current openssl versions.
Thanks in advance
--
Christian Weber
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Stefa...@t-online.de
Nov 12, 2015, 12:55:31 PM11/12/15
to
Hi,
You might want to upgrade to OpenSSL-1.0.2 which seems to support the
RSA PSS algorithm, see https://openssl.org/news/changelog.html#x5.
Regards,
Stefan
You might want to upgrade to OpenSSL-1.0.2 which seems to support the
RSA PSS algorithm, see https://openssl.org/news/changelog.html#x5.
Regards,
Stefan
we...@infotech.de
Nov 16, 2015, 7:15:23 AM11/16/15
to
Thanks for your reply.
Am 12.11.2015 um 18:45 schrieb Stefa...@t-online.de:
> Hi,
>
> You might want to upgrade to OpenSSL-1.0.2 which seems to support the
> RSA PSS algorithm, see https://openssl.org/news/changelog.html#x5.
>
> Regards,
> Stefan
...
we are up to the most current version, i.e. Snippet OpenSSL 1.0.2d 9 Jul
2015.
Trying the commandline tool
> openssl req -new -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -out
> rca.pubcert.pem -keyout rca.privkey.pem -pkeyopt rsa_padding_mode:pss
> -pkeyopt rsa_pss_saltlen:-2 -passin pass:
... leads to ...
> Loading 'screen' into random state - done
> parameter error "rsa_padding_mode:pss"
> 10584:error:0408F090:rsa routines:PKEY_RSA_CTRL:illegal or unsupported
> padding mode:.\crypto\rsa\rsa_pmeth.c:517:
> 10584:error:06089093:digital envelope
> routines:EVP_PKEY_CTX_ctrl:command not
> supported:.\crypto\evp\pmeth_lib.c:405:
...
Since we found explicit exclusion of PSS padding for cert signing in
.\crypto\rsa\rsa_pmeth.c:501, we guess PSS signing of certificates is
currently not officially supported.
So we've just asked for the reason why, since we're looking for
certificates which may satisfy security needs for decades.
Regards
--
Christian Weber
Am 12.11.2015 um 18:45 schrieb Stefa...@t-online.de:
> Hi,
>
> You might want to upgrade to OpenSSL-1.0.2 which seems to support the
> RSA PSS algorithm, see https://openssl.org/news/changelog.html#x5.
>
> Regards,
> Stefan
we are up to the most current version, i.e. Snippet OpenSSL 1.0.2d 9 Jul
2015.
Trying the commandline tool
> openssl req -new -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -out
> rca.pubcert.pem -keyout rca.privkey.pem -pkeyopt rsa_padding_mode:pss
> -pkeyopt rsa_pss_saltlen:-2 -passin pass:
... leads to ...
> Loading 'screen' into random state - done
> parameter error "rsa_padding_mode:pss"
> 10584:error:0408F090:rsa routines:PKEY_RSA_CTRL:illegal or unsupported
> padding mode:.\crypto\rsa\rsa_pmeth.c:517:
> 10584:error:06089093:digital envelope
> routines:EVP_PKEY_CTX_ctrl:command not
> supported:.\crypto\evp\pmeth_lib.c:405:
...
Since we found explicit exclusion of PSS padding for cert signing in
.\crypto\rsa\rsa_pmeth.c:501, we guess PSS signing of certificates is
currently not officially supported.
So we've just asked for the reason why, since we're looking for
certificates which may satisfy security needs for decades.
Regards
--
Christian Weber
0 new messages